issue-reply
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through issue descriptions and comments.
  - Ingestion points: `SKILL.md` uses `gh issue view` to fetch untrusted content from issue bodies and comments.
  - Boundary markers: No delimiters or safety instructions are used to distinguish between system instructions and external data.
  - Capability inventory: The skill uses `gh issue comment` in `SKILL.md` to post content back to GitHub.
  - Sanitization: There is no evidence of sanitization or filtering of the retrieved content before it is processed by the model.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (`gh`) to interact with remote repositories.
  - It performs read operations using `gh issue view` and write operations using `gh issue comment`.
Audit Metadata